<?php
/**
 * 管理员管理
 */
include (dirname(__FILE__)."/session.inc.php");//全局变量

//页面属于
$mod=trim(empty($_REQUEST['mod'])?"list":$_REQUEST['mod']);
$smarty->assign("mod",$mod);
$link_url="";
$tb_admin="`".$tbprefix."admin`";
//当前页
$page =empty($_REQUEST['page'])||($_REQUEST['page']<0)?"1":trim($_REQUEST['page']);

switch ($mod){
	//编辑
	case "edit":

		//页面动作
		@$act=isset($_REQUEST['act'])?trim($_REQUEST['act']):"";
		@$back_url=isset($_SESSION['act_url'])?$_SESSION['act_url']:"admin.php?mod=list";
		/**
		 * 获取地址栏传递的id
		 */
		$pid=isset($_GET['pid'])?$_GET['pid']:"0";
		$smarty->assign("pid",$pid);
		$smarty->assign("page",$page);

		switch ($act){
			//添加
			case "add":

				$titles_edit="添加";
				$oneinfo=array("adminid"=>0);

				break;

				//更新
			case "update":

				$titles_edit="修改";

				$oneinfo=$db->get_one("SELECT * FROM ".$tb_admin." WHERE  `adminid`='".$pid."' AND 1");

				break;

				//重置密码操作
			case "reset":

				if($adminPower<1){
					$oneinfo=$db->get_one("SELECT * FROM ".$tb_admin." WHERE  `adminid`='".$pid."' AND 1");

					if($oneinfo['email']){
						$randpwd=rand(1000000,99999999);//随机数
						$resetNewPwd=isset($randpwd)?trim($randpwd):$pwdresetting;
						$pwd_md5=$resetNewPwd.$pwdconstant;
						$send_content="亲爱的".$oneinfo['realname'].":<br/>您于".$m_now_date."重置了您的系统后台登录密码,您重置的临时密码是“".$resetNewPwd."” 请您登录后立即修改。
								<br/>您可以点击地址<a href='".$cfg['webURL']."/admin/' target='_blank'>".$cfg['webURL']."/admin/</a>登录。(如果无法点击，可以直接复制，然后粘贴到浏览器的地址栏里)
								<br/><br/>您收到这封电子邮件是因为您(也可能是某人冒充您的名义)重置了一个新的密码。假如这不是您本人所操作,请不用理会这封电子邮件,但是如果您持续收到这类信件的骚扰,请您尽快联络管理员
								<br/>来自&nbsp;".$cfg['sysNames']."
								<br/>此为系统邮件,请勿回复";
						
						$sendMail=$fun->send_email($email_config,$sendemail=$oneinfo['email'],$sendname=$oneinfo['realname'],$formname=$cfg['sysNames']."后台登录密码重置",$subject="您在《".$cfg['sysNames']."》重置密码成功",$content=$send_content);
						if($sendMail['status']=="true"){
							$dataArray['changetime']=$m_now_time;
							$dataArray['password']=md5($pwd_md5);
							$update_pwd=$db->update($tb_admin,$dataArray,$condition="`adminid`='".$pid."' AND 1");
							if($update_pwd==true){
								$fun->msg("重置密码操作成功",'?mod=edit&act=update&pid='.$pid.'&page='.$page,2);
							}else{
								$fun->msg("重置密码操作失败",'?mod=edit&act=update&pid='.$pid.'&page='.$page,2);
							}
						}else{
							$fun->msg($sendMail['Description'],'?mod=edit&act=update&pid='.$pid.'&page='.$page,2);
						}

					}else{
						$fun->msg("您没有设置邮箱,无法重置密码",'?mod=edit&act=update&pid='.$pid.'&page='.$page,2);
					}
				}else{
					$fun->msg("权限不足",'?mod=edit&act=update&pid='.$pid.'&page='.$page,2);
				}


				//修改
			case "change":

				//用于获取hid动作
				$hid=isset($_POST['actId'])?$_POST['actId']:"";
				//原管理员
				$formeruser=isset($_POST['formeruser'])?$fun->checkInput($_POST['formeruser']):"";
				//原密码
				$formerpwd=isset($_POST['formerpwd'])?$_POST['formerpwd']:"";
				//新管理员
				$newuser=!empty($_POST['newuser'])?$fun->checkInput($_POST['newuser']):"";
				//新密码
				$newpwd=!empty($_POST['newpwd'])?$_POST['newpwd']:$pwdresetting;
				//再次确认新管理员
				$newuser1=!empty($_POST['newuser1'])?$fun->checkInput($_POST['newuser1']):"";
				//再次确认新密码
				$newpwd1=!empty($_POST['newpwd1'])?$_POST['newpwd1']:"";
				//昵称
				$newnickname=!empty($_POST['newnickname'])?$fun->checkInput($_POST['newnickname']):"";
				//管理员权限
				$permission_key=empty($_POST['permission_num'])?"0":$_POST['permission_num'];
				//手机号码
				$tel=!empty($_POST['phone'])?$fun->checkInput($_POST['phone']):"";
				//邮箱
				$email=trim(!empty($_POST['email'])?$fun->checkInput($_POST['email']):"");


				$dataArray['username']=$newuser;
				//md5+常量加密密码
				$dataArray['password']=md5($newpwd.$pwdconstant);
				//姓名
				$dataArray['realname']=$newnickname;
				//姓名拼音
				$dataArray['realnamePinyin']=$fun->pinyin($newnickname,1)?$fun->pinyin($newnickname,1):"X";
				//管理员权限
				$dataArray['permission']=$permission_key;
				//当前IP地址
				$dataArray['modify_ip']=$fun->get_web_ip();
				//手机
				$dataArray['tel']=$tel;
				//邮箱
				$dataArray['email']=$email;
				//原密码加密
				$md5formerpwd=md5($formerpwd.$pwdconstant);

				if(empty($hid)){
					//添加
					$dataArray['login_num']=0;
					$dataArray['regtime']=$m_now_time;
					$dataArray['state']=1;//激活
					$dataArray['is_valid']=1;//有用数据
					$check_email=$db->get_one("SELECT `adminid` FROM `{$tbprefix}admin` WHERE `is_valid`='1' AND `email`='{$email}' AND 1");
					if(!empty($check_email['adminid'])){
						$fun->msg('邮箱已经存在,添加失败','?mod=edit&act=add&page='.$page,2);
					}else{
						if($db->insert($tb_admin,$dataArray))
						{
							$fun->msg('添加成功','?mod=edit&act=add&page='.$page,2);
							$db->close();
						}
						else
						{
							$fun->msg('添加失败','?mod=edit&act=add&page='.$page,2);
						}
					}
				}else{
					$adminOld=$db->get_one("SELECT `adminid` FROM ".$tb_admin." WHERE `username`='".$formeruser."' AND `password`='".$md5formerpwd."' AND `adminid`='".$hid."' AND 1");
					if(!empty($adminOld['adminid'])){
						$totaladmin=$db->get_one("SELECT COUNT(`adminid`) AS `total` FROM ".$tb_admin." WHERE `permission`='0' AND `adminid`<>'".$hid."' AND 1");
						switch ($totaladmin['total']){
							case 0:
								//管理员权限
								$dataArray['permission']=0;
								$changemsg=$permission_key==1?"无法修改唯一的系统管理员权限":"";
								break;
							default:
								$changemsg="";
								break;
						}
						$dataArray['changetime']=$m_now_time;
						if($db->update($tb_admin,$dataArray,$condition="`adminid`='".$hid."' AND 1"))
						{
							$fun->msg('更新成功 '.$changemsg,'?mod=edit&act=update&pid='.$hid.'&page='.$page,2);
							$db->close();
						}
						else
						{
							$fun->msg('更新失败 '.$changemsg,'?mod=edit&act=update&pid='.$hid.'&page='.$page,2);
						}


					}else{
						$fun->msg('原管理员用户名或密码错误','?mod=edit&act=update&pid='.$hid.'&page='.$page,2);
					}


				}

				break;

			default:
				$fun->msg("操作失败,正在跳转...",$back_url,2);//错误跳转到新的页面
				break;
		}


		$smarty->assign("one",$oneinfo);//要修改的企业设备信息
		$smarty->assign("titleAct",$titles_edit);//页面操作动作标题
		$smarty->assign("Returnfpage",$back_url);//返回列表


		break;


	//是否显示
	case "ishow":
		/*更新是否显示*/
		@$back_url=$_SESSION['act_url']?$_SESSION['act_url']:"?mod=list";

		if($adminPower<1){
			$adminid=empty($_GET['adminid'])?0:$_GET['adminid'];
			$totaladmin=$db->get_one("SELECT COUNT(`adminid`) AS `total` FROM ".$tb_admin." WHERE `permission`='0' AND `adminid`<>'".$adminid."' AND `state`='1' AND 1");
			switch ($totaladmin['total']){
				case 0:
					//管理员权限
					$fun->msg("无法冻结唯一的系统管理员",$back_url,1);
					break;
				default:
					$ishow=isset($_GET['ishowId'])?$_GET['ishowId']:($fun->msg("操作失败,正在跳转...",$back_url,2));

					$totalInfo=$db->get_one("SELECT COUNT(`adminid`) AS `total` FROM ".$tb_admin." WHERE  `adminid`='".$adminid."' AND 1");
					$total=$totalInfo['total'];
					if($total){
						$db->query("UPDATE ".$tb_admin." SET `state`='".$ishow."' WHERE `adminid`='".$adminid."' AND 1");
						echo "<script>window.location.href='$back_url';</script>";
					}else{
						$fun->msg("操作失败,正在跳转...",$back_url,2);//错误跳转到新的页面
					}
					break;
			}

		}else{
			$fun->msg("权限不足",$back_url,2);//错误跳转到新的页面
		}

	break;

	default:
		$condition="";
		$adminInfo=$db->get_all("SELECT * FROM {$tb_admin} WHERE `is_valid`='1' ".($adminPower<1?"":"AND `adminid`='{$input_adminid}' ")." AND 1 ORDER BY `logintime` DESC,`regtime` DESC");
		$smarty->assign("adminInfo",$adminInfo);

		$act_url=$_SESSION['act_url']=$fun->GetCurUrl(1);//获取URL的路径存入session

		//当前页
		$page =empty($_GET['page'])||($_GET['page']<0)?"1":$_GET['page'];
		$smarty->assign("page", $page);


		/*批量删除部分*/
		if(!empty($_POST['delall']))					//用于判断复选框有无勾选以及是否点击删除
		{
			$del_id=isset($_POST['del'])?$_POST['del']:($fun->msg("请选择要删除的数据",$act_url,2));
			if($adminPower<1){
				$ids=implode("','",$del_id);		//implode函数把数组元素组合成一个用","分开的字符串
				$admintotal=$db->get_one("SELECT COUNT(`adminid`) AS `T` FROM  ".$tb_admin." WHERE `adminid` NOT IN ('$ids') AND `permission`='0' AND `is_valid`='1' AND 1");
				$del_adminT=$admintotal['T'];
				switch ($del_adminT){
					case 0:
						$fun->msg("至少保留一个系统管理员",$act_url,2);
						break;
					default:
						$delloginadmin=$db->get_one("SELECT COUNT(`adminid`) AS `total` FROM  ".$tb_admin." WHERE `adminid` IN ('$ids') AND `adminid`<>'".$input_adminid."' AND 1");

						if($delloginadmin['total']==0){
							$fun->msg("无法删除正在使用的管理员",$act_url,2);
						}else{
							$dataArray['is_valid']="0";
							$del_admin=$db->update($tb_admin,$dataArray,$condition="`adminid` IN ('".$ids."') AND 1");//删除【隐藏】adminid
							if($del_admin==true){
								$fun->msg("删除成功",$act_url,2);
							}
							else{
								$fun->msg("删除失败",$act_url,2);
							}
						}
						break;
				}
			}else{
				$fun->msg("权限不足",$act_url,2);//错误跳转到新的页面
			}

		}



		break;
}

$smarty->assign("adminPower",$adminPower);//登录的管理员权限
$smarty->assign("title",$cfg['sysName']);
@$smarty->display("admin.tpl");//模版页
?>